
Decoding a VBA Macro Downloader

Jacob Faires

September 20, 2016 - Posted by Jacob Faires to Security Insight

Phishing Email

Recently, NTT Security discovered a phishing email containing malware. The email had a Microsoft Word document attached with a malicious embedded macro. Macros are an effective infection vector and have been steadily gaining popularity in the last several years. Microsoft Office macros are a series of instructions run together as a single command. Microsoft extended macro capabilities to include Visual Basic for Applications (VBA), which runs inside a Microsoft Office application (Access, Word, Outlook, Excel, and PowerPoint). The takeaway is that macros could be, and probably are, malicious code when coming from an unknown source.

The Document

Figure 1 below is a screenshot of the document we discovered embedded in the email. As you can see, the document is well formatted and looks very legitimate. It also gives step-by-step instructions, requesting the user to enable content so the... read more >

Patched Vulnerability in FireEye Appliances

FireEye acted quickly to close a serious vulnerability in some appliances

Terrance DeJesus

December 16, 2015 - Posted by Terrance DeJesus to Security News


On Tuesday, December 15, 2015, FireEye, a worldwide provider of cybersecurity and malware protection to clients in the public and private sectors, issued a Support Notice to its clients regarding a critical vulnerability in a module which analyzes Java Archive (JAR) files.

Google’s Project Zero, a team dedicated to finding new vulnerabilities, discovered this severe security hole in the way the Malware Input Processor (MIP) utilizes an open source Java decompiler called Java Optimize and Decompile Environment (JODE). MIP uses the JODE decompiler in conjunction with JAR helper to statically analyze JAR files and check for signatures which may suggest malicious code. JODE is then used by Java’s SimpleRuntimeEnvironment class to deobfuscate strings by dynamically executing a small sample of the bytecode.

Affected... read more >

Holiday Shoppers Beware!

Four threats to be aware of this holiday season

Terrance DeJesus

November 25, 2015 - Posted by Terrance DeJesus to Security Insight

When thinking about the period from November through the end of December, joyful thoughts of mouth-watering turkey, ham, mashed potatoes and (my personal favorite) stuffing tend to come to mind. Let’s not forget about those Black Friday, Cyber Monday and holiday deals we are anxiously awaiting and hunting for. Once the deals are found, shoppers create stampedes at local stores to buy the intended items by swiping away at every credit/debit card system needed.

If you like to avoid the chaos, maybe you prefer entering your credit/debit card’s 16 digits, expiration date and CSV code into online shopping sites during Cyber Monday? Either way, with cybercrime on the rise and recent research making cyber news headlines, we should take a step back to ensure that our shopping process does not have negative results by reviewing a little bit of what has been going on, and how it could impact you during or after holiday shopping. Four scams to watch out for during this... read more >

CryptoWalls of Jericho 3.0

A succinct look into the mind of CryptoWall 3.0

Bryan Pasquale

June 24, 2015 - Posted by Bryan Pasquale to Security Insight

Ransom Message

Ransomware like CryptoWall is epidemic, impacting individuals and organizations. This form of malware builds a wall around data, using encryption. Then, cybercriminals attempt to extort money from the victims in exchange for releasing the data (hence the term ransomware). Unfortunately, there is no trumpet to sound that will bring down the CryptoWalls of Jericho. While victims are encouraged to NOT pay the ransom, the best defenses against ransomware are to avoid getting infected in the first place and back up data regularly.

Although it’s been around for a while, the FBI’s Internet Crime Complaint Center (IC3) recently released alert I-062315-PSA about the risk of CryptoWall (CW) ransomware. According to the FBI, CW has resulted in over $18 million in losses since 2014. The most recent version of the CryptoWall ransomware is CryptoWall 3.0 (CW3).

A few months ago, I did a... read more >

My Life According to Spam

If the spam I received actually portrayed my daily life

Jon-Louis Heimerl

April 21, 2015 - Posted by Jon-Louis Heimerl to Security Insight

Jon's spam

I find that I have to tolerate my junk email. I feel like I get so much of it. I have not checked statistics lately, but for me, probably something on the order of 90% of the email I get is spam. I can’t help but wonder, though, what someone would think if they had no concept of “spam”? If they thought that the email I receive actually portrayed an accurate picture of me…

According to my spam

I make $6000 a month working at home as an autopilot, and using an action packed 12 page guide, I have discovered just how affordable real estate can be. At least when I am not busy on one of my many woodworking projects. I credit my creative money making philosophy and my early retirement to brain smart supplements and clinically proven creative thinking from the Utah Coalition for... read more >

NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.
